Date: Wed, 17 Jun 2015 06:43:00 -0700 From: Tristan Cacqueray <tdecacqu@...hat.com> To: Salvatore Bonaccorso <carnil@...ian.org>, oss-security@...ts.openwall.com Subject: Re: [OSSA 2015-011] Cinder host file disclosure through qcow2 backing file (CVE-2015-1851) Hi Salvatore, On 06/16/2015 09:33 PM, Salvatore Bonaccorso wrote: > Could you clearify if this CVE assignment is correct? OSSA 2015-011 assigned the wrong CVE and it should have included CVE-2015-1851 instead. An ERRATA will be issued soon. > I noticed that Red Hat Bugzilla has > https://bugzilla.redhat.com/show_bug.cgi?id=1231816 (CVE-2015-1850) > for the nova issue and similarly > https://bugzilla.redhat.com/show_bug.cgi?id=1231817 (CVE-2015-1851) > for the cinder issue. Is this correct? > This is correct. Note that while a CVE has been assigned for the Nova part, the bug has still not been reproduced there, and while there is no patch, Nova has been left out of this OSSA. > Regards and thanks in advance, > Salvatore Thanks for bringing that up! -- Tristan Cacqueray OpenStack Vulnerability Management Team Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.